1 /* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
2 * Copyright (c) 2007-2011, The Tor Project, Inc. */
3 /* See LICENSE for licensing information */
7 * \brief The hidden-service side of rendezvous functionality.
12 static origin_circuit_t
*find_intro_circuit(rend_intro_point_t
*intro
,
13 const char *pk_digest
,
16 /** Represents the mapping from a virtual port of a rendezvous service to
17 * a real port on some IP.
19 typedef struct rend_service_port_config_t
{
20 uint16_t virtual_port
;
23 } rend_service_port_config_t
;
25 /** Try to maintain this many intro points per service if possible. */
26 #define NUM_INTRO_POINTS 3
28 /** If we can't build our intro circuits, don't retry for this long. */
29 #define INTRO_CIRC_RETRY_PERIOD (60*5)
30 /** Don't try to build more than this many circuits before giving up
32 #define MAX_INTRO_CIRCS_PER_PERIOD 10
33 /** How many times will a hidden service operator attempt to connect to
34 * a requested rendezvous point before giving up? */
35 #define MAX_REND_FAILURES 30
36 /** How many seconds should we spend trying to connect to a requested
37 * rendezvous point before giving up? */
38 #define MAX_REND_TIMEOUT 30
40 /** Represents a single hidden service running at this OP. */
41 typedef struct rend_service_t
{
42 /* Fields specified in config file */
43 char *directory
; /**< where in the filesystem it stores it */
44 smartlist_t
*ports
; /**< List of rend_service_port_config_t */
45 int descriptor_version
; /**< Rendezvous descriptor version that will be
47 rend_auth_type_t auth_type
; /**< Client authorization type or 0 if no client
48 * authorization is performed. */
49 smartlist_t
*clients
; /**< List of rend_authorized_client_t's of
50 * clients that may access our service. Can be NULL
51 * if no client authorization is performed. */
53 crypto_pk_env_t
*private_key
; /**< Permanent hidden-service key. */
54 char service_id
[REND_SERVICE_ID_LEN_BASE32
+1]; /**< Onion address without
56 char pk_digest
[DIGEST_LEN
]; /**< Hash of permanent hidden-service key. */
57 smartlist_t
*intro_nodes
; /**< List of rend_intro_point_t's we have,
58 * or are trying to establish. */
59 time_t intro_period_started
; /**< Start of the current period to build
60 * introduction points. */
61 int n_intro_circuits_launched
; /**< count of intro circuits we have
62 * established in this period. */
63 rend_service_descriptor_t
*desc
; /**< Current hidden service descriptor. */
64 time_t desc_is_dirty
; /**< Time at which changes to the hidden service
65 * descriptor content occurred, or 0 if it's
67 time_t next_upload_time
; /**< Scheduled next hidden service descriptor
69 /** Map from digests of Diffie-Hellman values INTRODUCE2 to time_t of when
70 * they were received; used to prevent replays. */
71 digestmap_t
*accepted_intros
;
72 /** Time at which we last removed expired values from accepted_intros. */
73 time_t last_cleaned_accepted_intros
;
76 /** A list of rend_service_t's for services run on this OP.
78 static smartlist_t
*rend_service_list
= NULL
;
80 /** Return the number of rendezvous services we have configured. */
82 num_rend_services(void)
84 if (!rend_service_list
)
86 return smartlist_len(rend_service_list
);
89 /** Helper: free storage held by a single service authorized client entry. */
91 rend_authorized_client_free(rend_authorized_client_t
*client
)
94 if (client
->client_key
)
95 crypto_free_pk_env(client
->client_key
);
96 tor_free(client
->client_name
);
100 /** Helper for strmap_free. */
102 rend_authorized_client_strmap_item_free(void *authorized_client
)
104 rend_authorized_client_free(authorized_client
);
107 /** Release the storage held by <b>service</b>.
110 rend_service_free(rend_service_t
*service
)
112 if (!service
) return;
113 tor_free(service
->directory
);
114 SMARTLIST_FOREACH(service
->ports
, void*, p
, tor_free(p
));
115 smartlist_free(service
->ports
);
116 if (service
->private_key
)
117 crypto_free_pk_env(service
->private_key
);
118 if (service
->intro_nodes
) {
119 SMARTLIST_FOREACH(service
->intro_nodes
, rend_intro_point_t
*, intro
,
120 rend_intro_point_free(intro
););
121 smartlist_free(service
->intro_nodes
);
124 rend_service_descriptor_free(service
->desc
);
125 if (service
->clients
) {
126 SMARTLIST_FOREACH(service
->clients
, rend_authorized_client_t
*, c
,
127 rend_authorized_client_free(c
););
128 smartlist_free(service
->clients
);
130 if (service
->accepted_intros
)
131 digestmap_free(service
->accepted_intros
, _tor_free
);
135 /** Release all the storage held in rend_service_list.
138 rend_service_free_all(void)
140 if (!rend_service_list
) {
143 SMARTLIST_FOREACH(rend_service_list
, rend_service_t
*, ptr
,
144 rend_service_free(ptr
));
145 smartlist_free(rend_service_list
);
146 rend_service_list
= NULL
;
149 /** Validate <b>service</b> and add it to rend_service_list if possible.
152 rend_add_service(rend_service_t
*service
)
155 rend_service_port_config_t
*p
;
157 service
->intro_nodes
= smartlist_create();
159 /* If the service is configured to publish unversioned (v0) and versioned
160 * descriptors (v2 or higher), split it up into two separate services
161 * (unless it is configured to perform client authorization). */
162 if (service
->descriptor_version
== -1) {
163 if (service
->auth_type
== REND_NO_AUTH
) {
164 rend_service_t
*v0_service
= tor_malloc_zero(sizeof(rend_service_t
));
165 v0_service
->directory
= tor_strdup(service
->directory
);
166 v0_service
->ports
= smartlist_create();
167 SMARTLIST_FOREACH(service
->ports
, rend_service_port_config_t
*, p
, {
168 rend_service_port_config_t
*copy
=
169 tor_malloc_zero(sizeof(rend_service_port_config_t
));
170 memcpy(copy
, p
, sizeof(rend_service_port_config_t
));
171 smartlist_add(v0_service
->ports
, copy
);
173 v0_service
->intro_period_started
= service
->intro_period_started
;
174 v0_service
->descriptor_version
= 0; /* Unversioned descriptor. */
175 v0_service
->auth_type
= REND_NO_AUTH
;
176 rend_add_service(v0_service
);
179 service
->descriptor_version
= 2; /* Versioned descriptor. */
182 if (service
->auth_type
!= REND_NO_AUTH
&& !service
->descriptor_version
) {
183 log_warn(LD_CONFIG
, "Hidden service with client authorization and "
184 "version 0 descriptors configured; ignoring.");
185 rend_service_free(service
);
189 if (service
->auth_type
!= REND_NO_AUTH
&&
190 smartlist_len(service
->clients
) == 0) {
191 log_warn(LD_CONFIG
, "Hidden service with client authorization but no "
192 "clients; ignoring.");
193 rend_service_free(service
);
197 if (!smartlist_len(service
->ports
)) {
198 log_warn(LD_CONFIG
, "Hidden service with no ports configured; ignoring.");
199 rend_service_free(service
);
201 smartlist_add(rend_service_list
, service
);
202 log_debug(LD_REND
,"Configuring service with directory \"%s\"",
204 for (i
= 0; i
< smartlist_len(service
->ports
); ++i
) {
205 p
= smartlist_get(service
->ports
, i
);
206 log_debug(LD_REND
,"Service maps port %d to %s:%d",
207 p
->virtual_port
, fmt_addr(&p
->real_addr
), p
->real_port
);
212 /** Parses a real-port to virtual-port mapping and returns a new
213 * rend_service_port_config_t.
215 * The format is: VirtualPort (IP|RealPort|IP:RealPort)?
217 * IP defaults to 127.0.0.1; RealPort defaults to VirtualPort.
219 static rend_service_port_config_t
*
220 parse_port_config(const char *string
)
227 const char *addrport
;
228 rend_service_port_config_t
*result
= NULL
;
230 sl
= smartlist_create();
231 smartlist_split_string(sl
, string
, " ",
232 SPLIT_SKIP_SPACE
|SPLIT_IGNORE_BLANK
, 0);
233 if (smartlist_len(sl
) < 1 || smartlist_len(sl
) > 2) {
234 log_warn(LD_CONFIG
, "Bad syntax in hidden service port configuration.");
238 virtport
= (int)tor_parse_long(smartlist_get(sl
,0), 10, 1, 65535, NULL
,NULL
);
240 log_warn(LD_CONFIG
, "Missing or invalid port %s in hidden service port "
241 "configuration", escaped(smartlist_get(sl
,0)));
245 if (smartlist_len(sl
) == 1) {
246 /* No addr:port part; use default. */
248 tor_addr_from_ipv4h(&addr
, 0x7F000001u
); /* 127.0.0.1 */
250 addrport
= smartlist_get(sl
,1);
251 if (strchr(addrport
, ':') || strchr(addrport
, '.')) {
252 if (tor_addr_port_parse(addrport
, &addr
, &p
)<0) {
253 log_warn(LD_CONFIG
,"Unparseable address in hidden service port "
257 realport
= p
?p
:virtport
;
259 /* No addr:port, no addr -- must be port. */
260 realport
= (int)tor_parse_long(addrport
, 10, 1, 65535, NULL
, NULL
);
262 log_warn(LD_CONFIG
,"Unparseable or out-of-range port %s in hidden "
263 "service port configuration.", escaped(addrport
));
266 tor_addr_from_ipv4h(&addr
, 0x7F000001u
); /* Default to 127.0.0.1 */
270 result
= tor_malloc(sizeof(rend_service_port_config_t
));
271 result
->virtual_port
= virtport
;
272 result
->real_port
= realport
;
273 tor_addr_copy(&result
->real_addr
, &addr
);
275 SMARTLIST_FOREACH(sl
, char *, c
, tor_free(c
));
280 /** Set up rend_service_list, based on the values of HiddenServiceDir and
281 * HiddenServicePort in <b>options</b>. Return 0 on success and -1 on
282 * failure. (If <b>validate_only</b> is set, parse, warn and return as
283 * normal, but don't actually change the configured services.)
286 rend_config_services(or_options_t
*options
, int validate_only
)
289 rend_service_t
*service
= NULL
;
290 rend_service_port_config_t
*portcfg
;
291 smartlist_t
*old_service_list
= NULL
;
293 if (!validate_only
) {
294 old_service_list
= rend_service_list
;
295 rend_service_list
= smartlist_create();
298 for (line
= options
->RendConfigLines
; line
; line
= line
->next
) {
299 if (!strcasecmp(line
->key
, "HiddenServiceDir")) {
302 rend_service_free(service
);
304 rend_add_service(service
);
306 service
= tor_malloc_zero(sizeof(rend_service_t
));
307 service
->directory
= tor_strdup(line
->value
);
308 service
->ports
= smartlist_create();
309 service
->intro_period_started
= time(NULL
);
310 service
->descriptor_version
= -1; /**< All descriptor versions. */
314 log_warn(LD_CONFIG
, "%s with no preceding HiddenServiceDir directive",
316 rend_service_free(service
);
319 if (!strcasecmp(line
->key
, "HiddenServicePort")) {
320 portcfg
= parse_port_config(line
->value
);
322 rend_service_free(service
);
325 smartlist_add(service
->ports
, portcfg
);
326 } else if (!strcasecmp(line
->key
, "HiddenServiceAuthorizeClient")) {
327 /* Parse auth type and comma-separated list of client names and add a
328 * rend_authorized_client_t for each client to the service's list
329 * of authorized clients. */
330 smartlist_t
*type_names_split
, *clients
;
331 const char *authname
;
333 if (service
->auth_type
!= REND_NO_AUTH
) {
334 log_warn(LD_CONFIG
, "Got multiple HiddenServiceAuthorizeClient "
335 "lines for a single service.");
336 rend_service_free(service
);
339 type_names_split
= smartlist_create();
340 smartlist_split_string(type_names_split
, line
->value
, " ", 0, 2);
341 if (smartlist_len(type_names_split
) < 1) {
342 log_warn(LD_BUG
, "HiddenServiceAuthorizeClient has no value. This "
343 "should have been prevented when parsing the "
345 smartlist_free(type_names_split
);
346 rend_service_free(service
);
349 authname
= smartlist_get(type_names_split
, 0);
350 if (!strcasecmp(authname
, "basic")) {
351 service
->auth_type
= REND_BASIC_AUTH
;
352 } else if (!strcasecmp(authname
, "stealth")) {
353 service
->auth_type
= REND_STEALTH_AUTH
;
355 log_warn(LD_CONFIG
, "HiddenServiceAuthorizeClient contains "
356 "unrecognized auth-type '%s'. Only 'basic' or 'stealth' "
358 (char *) smartlist_get(type_names_split
, 0));
359 SMARTLIST_FOREACH(type_names_split
, char *, cp
, tor_free(cp
));
360 smartlist_free(type_names_split
);
361 rend_service_free(service
);
364 service
->clients
= smartlist_create();
365 if (smartlist_len(type_names_split
) < 2) {
366 log_warn(LD_CONFIG
, "HiddenServiceAuthorizeClient contains "
367 "auth-type '%s', but no client names.",
368 service
->auth_type
== REND_BASIC_AUTH
? "basic" : "stealth");
369 SMARTLIST_FOREACH(type_names_split
, char *, cp
, tor_free(cp
));
370 smartlist_free(type_names_split
);
373 clients
= smartlist_create();
374 smartlist_split_string(clients
, smartlist_get(type_names_split
, 1),
375 ",", SPLIT_SKIP_SPACE
, 0);
376 SMARTLIST_FOREACH(type_names_split
, char *, cp
, tor_free(cp
));
377 smartlist_free(type_names_split
);
378 /* Remove duplicate client names. */
379 num_clients
= smartlist_len(clients
);
380 smartlist_sort_strings(clients
);
381 smartlist_uniq_strings(clients
);
382 if (smartlist_len(clients
) < num_clients
) {
383 log_info(LD_CONFIG
, "HiddenServiceAuthorizeClient contains %d "
384 "duplicate client name(s); removing.",
385 num_clients
- smartlist_len(clients
));
386 num_clients
= smartlist_len(clients
);
388 SMARTLIST_FOREACH_BEGIN(clients
, const char *, client_name
)
390 rend_authorized_client_t
*client
;
391 size_t len
= strlen(client_name
);
392 if (len
< 1 || len
> REND_CLIENTNAME_MAX_LEN
) {
393 log_warn(LD_CONFIG
, "HiddenServiceAuthorizeClient contains an "
394 "illegal client name: '%s'. Length must be "
395 "between 1 and %d characters.",
396 client_name
, REND_CLIENTNAME_MAX_LEN
);
397 SMARTLIST_FOREACH(clients
, char *, cp
, tor_free(cp
));
398 smartlist_free(clients
);
399 rend_service_free(service
);
402 if (strspn(client_name
, REND_LEGAL_CLIENTNAME_CHARACTERS
) != len
) {
403 log_warn(LD_CONFIG
, "HiddenServiceAuthorizeClient contains an "
404 "illegal client name: '%s'. Valid "
405 "characters are [A-Za-z0-9+-_].",
407 SMARTLIST_FOREACH(clients
, char *, cp
, tor_free(cp
));
408 smartlist_free(clients
);
409 rend_service_free(service
);
412 client
= tor_malloc_zero(sizeof(rend_authorized_client_t
));
413 client
->client_name
= tor_strdup(client_name
);
414 smartlist_add(service
->clients
, client
);
415 log_debug(LD_REND
, "Adding client name '%s'", client_name
);
417 SMARTLIST_FOREACH_END(client_name
);
418 SMARTLIST_FOREACH(clients
, char *, cp
, tor_free(cp
));
419 smartlist_free(clients
);
420 /* Ensure maximum number of clients. */
421 if ((service
->auth_type
== REND_BASIC_AUTH
&&
422 smartlist_len(service
->clients
) > 512) ||
423 (service
->auth_type
== REND_STEALTH_AUTH
&&
424 smartlist_len(service
->clients
) > 16)) {
425 log_warn(LD_CONFIG
, "HiddenServiceAuthorizeClient contains %d "
426 "client authorization entries, but only a "
427 "maximum of %d entries is allowed for "
428 "authorization type '%s'.",
429 smartlist_len(service
->clients
),
430 service
->auth_type
== REND_BASIC_AUTH
? 512 : 16,
431 service
->auth_type
== REND_BASIC_AUTH
? "basic" : "stealth");
432 rend_service_free(service
);
436 smartlist_t
*versions
;
438 int i
, version
, ver_ok
=1, versions_bitmask
= 0;
439 tor_assert(!strcasecmp(line
->key
, "HiddenServiceVersion"));
440 versions
= smartlist_create();
441 smartlist_split_string(versions
, line
->value
, ",",
442 SPLIT_SKIP_SPACE
|SPLIT_IGNORE_BLANK
, 0);
443 for (i
= 0; i
< smartlist_len(versions
); i
++) {
444 version_str
= smartlist_get(versions
, i
);
445 if (strlen(version_str
) != 1 || strspn(version_str
, "02") != 1) {
447 "HiddenServiceVersion can only be 0 and/or 2.");
448 SMARTLIST_FOREACH(versions
, char *, cp
, tor_free(cp
));
449 smartlist_free(versions
);
450 rend_service_free(service
);
453 version
= (int)tor_parse_long(version_str
, 10, 0, INT_MAX
, &ver_ok
,
457 versions_bitmask
|= 1 << version
;
459 /* If exactly one version is set, change descriptor_version to that
460 * value; otherwise leave it at -1. */
461 if (versions_bitmask
== 1 << 0) service
->descriptor_version
= 0;
462 if (versions_bitmask
== 1 << 2) service
->descriptor_version
= 2;
463 SMARTLIST_FOREACH(versions
, char *, cp
, tor_free(cp
));
464 smartlist_free(versions
);
469 rend_service_free(service
);
471 rend_add_service(service
);
474 /* If this is a reload and there were hidden services configured before,
475 * keep the introduction points that are still needed and close the
477 if (old_service_list
&& !validate_only
) {
478 smartlist_t
*surviving_services
= smartlist_create();
481 /* Copy introduction points to new services. */
482 /* XXXX This is O(n^2), but it's only called on reconfigure, so it's
484 SMARTLIST_FOREACH(rend_service_list
, rend_service_t
*, new, {
485 SMARTLIST_FOREACH(old_service_list
, rend_service_t
*, old
, {
486 if (!strcmp(old
->directory
, new->directory
) &&
487 old
->descriptor_version
== new->descriptor_version
) {
488 smartlist_add_all(new->intro_nodes
, old
->intro_nodes
);
489 smartlist_clear(old
->intro_nodes
);
490 smartlist_add(surviving_services
, old
);
496 /* Close introduction circuits of services we don't serve anymore. */
497 /* XXXX it would be nicer if we had a nicer abstraction to use here,
498 * so we could just iterate over the list of services to close, but
499 * once again, this isn't critical-path code. */
500 for (circ
= _circuit_get_global_list(); circ
; circ
= circ
->next
) {
501 if (!circ
->marked_for_close
&&
502 circ
->state
== CIRCUIT_STATE_OPEN
&&
503 (circ
->purpose
== CIRCUIT_PURPOSE_S_ESTABLISH_INTRO
||
504 circ
->purpose
== CIRCUIT_PURPOSE_S_INTRO
)) {
505 origin_circuit_t
*oc
= TO_ORIGIN_CIRCUIT(circ
);
507 tor_assert(oc
->rend_data
);
508 SMARTLIST_FOREACH(surviving_services
, rend_service_t
*, ptr
, {
509 if (!memcmp(ptr
->pk_digest
, oc
->rend_data
->rend_pk_digest
,
511 ptr
->descriptor_version
== oc
->rend_data
->rend_desc_version
) {
518 log_info(LD_REND
, "Closing intro point %s for service %s version %d.",
519 safe_str(oc
->build_state
->chosen_exit
->nickname
),
520 oc
->rend_data
->onion_address
,
521 oc
->rend_data
->rend_desc_version
);
522 circuit_mark_for_close(circ
, END_CIRC_REASON_FINISHED
);
523 /* XXXX Is there another reason we should use here? */
526 smartlist_free(surviving_services
);
527 SMARTLIST_FOREACH(old_service_list
, rend_service_t
*, ptr
,
528 rend_service_free(ptr
));
529 smartlist_free(old_service_list
);
535 /** Replace the old value of <b>service</b>-\>desc with one that reflects
536 * the other fields in service.
539 rend_service_update_descriptor(rend_service_t
*service
)
541 rend_service_descriptor_t
*d
;
542 origin_circuit_t
*circ
;
545 rend_service_descriptor_free(service
->desc
);
546 service
->desc
= NULL
;
548 d
= service
->desc
= tor_malloc_zero(sizeof(rend_service_descriptor_t
));
549 d
->pk
= crypto_pk_dup_key(service
->private_key
);
550 d
->timestamp
= time(NULL
);
551 d
->version
= service
->descriptor_version
;
552 d
->intro_nodes
= smartlist_create();
553 /* Support intro protocols 2 and 3. */
554 d
->protocols
= (1 << 2) + (1 << 3);
556 for (i
= 0; i
< smartlist_len(service
->intro_nodes
); ++i
) {
557 rend_intro_point_t
*intro_svc
= smartlist_get(service
->intro_nodes
, i
);
558 rend_intro_point_t
*intro_desc
;
559 circ
= find_intro_circuit(intro_svc
, service
->pk_digest
, d
->version
);
560 if (!circ
|| circ
->_base
.purpose
!= CIRCUIT_PURPOSE_S_INTRO
)
563 /* We have an entirely established intro circuit. */
564 intro_desc
= tor_malloc_zero(sizeof(rend_intro_point_t
));
565 intro_desc
->extend_info
= extend_info_dup(intro_svc
->extend_info
);
566 if (intro_svc
->intro_key
)
567 intro_desc
->intro_key
= crypto_pk_dup_key(intro_svc
->intro_key
);
568 smartlist_add(d
->intro_nodes
, intro_desc
);
572 /** Load and/or generate private keys for all hidden services, possibly
573 * including keys for client authorization. Return 0 on success, -1 on
577 rend_service_load_keys(void)
583 SMARTLIST_FOREACH_BEGIN(rend_service_list
, rend_service_t
*, s
) {
586 log_info(LD_REND
, "Loading hidden-service keys from \"%s\"",
589 /* Check/create directory */
590 if (check_private_dir(s
->directory
, CPD_CREATE
) < 0)
594 if (strlcpy(fname
,s
->directory
,sizeof(fname
)) >= sizeof(fname
) ||
595 strlcat(fname
,PATH_SEPARATOR
"private_key",sizeof(fname
))
597 log_warn(LD_CONFIG
, "Directory name too long to store key file: \"%s\".",
601 s
->private_key
= init_key_from_file(fname
, 1, LOG_ERR
);
605 /* Create service file */
606 if (rend_get_service_id(s
->private_key
, s
->service_id
)<0) {
607 log_warn(LD_BUG
, "Internal error: couldn't encode service ID.");
610 if (crypto_pk_get_digest(s
->private_key
, s
->pk_digest
)<0) {
611 log_warn(LD_BUG
, "Couldn't compute hash of public key.");
614 if (strlcpy(fname
,s
->directory
,sizeof(fname
)) >= sizeof(fname
) ||
615 strlcat(fname
,PATH_SEPARATOR
"hostname",sizeof(fname
))
617 log_warn(LD_CONFIG
, "Directory name too long to store hostname file:"
618 " \"%s\".", s
->directory
);
621 tor_snprintf(buf
, sizeof(buf
),"%s.onion\n", s
->service_id
);
622 if (write_str_to_file(fname
,buf
,0)<0) {
623 log_warn(LD_CONFIG
, "Could not write onion address to hostname file.");
627 /* If client authorization is configured, load or generate keys. */
628 if (s
->auth_type
!= REND_NO_AUTH
) {
629 char *client_keys_str
= NULL
;
630 strmap_t
*parsed_clients
= strmap_new();
633 open_file_t
*open_cfile
= NULL
, *open_hfile
= NULL
;
635 /* Load client keys and descriptor cookies, if available. */
636 if (tor_snprintf(cfname
, sizeof(cfname
), "%s"PATH_SEPARATOR
"client_keys",
638 log_warn(LD_CONFIG
, "Directory name too long to store client keys "
639 "file: \"%s\".", s
->directory
);
642 client_keys_str
= read_file_to_str(cfname
, RFTS_IGNORE_MISSING
, NULL
);
643 if (client_keys_str
) {
644 if (rend_parse_client_keys(parsed_clients
, client_keys_str
) < 0) {
645 log_warn(LD_CONFIG
, "Previously stored client_keys file could not "
649 log_info(LD_CONFIG
, "Parsed %d previously stored client entries.",
650 strmap_size(parsed_clients
));
651 tor_free(client_keys_str
);
655 /* Prepare client_keys and hostname files. */
656 if (!(cfile
= start_writing_to_stdio_file(cfname
, OPEN_FLAGS_REPLACE
,
657 0600, &open_cfile
))) {
658 log_warn(LD_CONFIG
, "Could not open client_keys file %s",
662 if (!(hfile
= start_writing_to_stdio_file(fname
, OPEN_FLAGS_REPLACE
,
663 0600, &open_hfile
))) {
664 log_warn(LD_CONFIG
, "Could not open hostname file %s", escaped(fname
));
668 /* Either use loaded keys for configured clients or generate new
669 * ones if a client is new. */
670 SMARTLIST_FOREACH_BEGIN(s
->clients
, rend_authorized_client_t
*, client
)
672 char desc_cook_out
[3*REND_DESC_COOKIE_LEN_BASE64
+1];
673 char service_id
[16+1];
674 rend_authorized_client_t
*parsed
=
675 strmap_get(parsed_clients
, client
->client_name
);
678 /* Copy descriptor cookie from parsed entry or create new one. */
680 memcpy(client
->descriptor_cookie
, parsed
->descriptor_cookie
,
681 REND_DESC_COOKIE_LEN
);
683 crypto_rand(client
->descriptor_cookie
, REND_DESC_COOKIE_LEN
);
685 if (base64_encode(desc_cook_out
, 3*REND_DESC_COOKIE_LEN_BASE64
+1,
686 client
->descriptor_cookie
,
687 REND_DESC_COOKIE_LEN
) < 0) {
688 log_warn(LD_BUG
, "Could not base64-encode descriptor cookie.");
689 strmap_free(parsed_clients
, rend_authorized_client_strmap_item_free
);
692 /* Copy client key from parsed entry or create new one if required. */
693 if (parsed
&& parsed
->client_key
) {
694 client
->client_key
= crypto_pk_dup_key(parsed
->client_key
);
695 } else if (s
->auth_type
== REND_STEALTH_AUTH
) {
696 /* Create private key for client. */
697 crypto_pk_env_t
*prkey
= NULL
;
698 if (!(prkey
= crypto_new_pk_env())) {
699 log_warn(LD_BUG
,"Error constructing client key");
702 if (crypto_pk_generate_key(prkey
)) {
703 log_warn(LD_BUG
,"Error generating client key");
704 crypto_free_pk_env(prkey
);
707 if (crypto_pk_check_key(prkey
) <= 0) {
708 log_warn(LD_BUG
,"Generated client key seems invalid");
709 crypto_free_pk_env(prkey
);
712 client
->client_key
= prkey
;
714 /* Add entry to client_keys file. */
715 desc_cook_out
[strlen(desc_cook_out
)-1] = '\0'; /* Remove newline. */
716 written
= tor_snprintf(buf
, sizeof(buf
),
717 "client-name %s\ndescriptor-cookie %s\n",
718 client
->client_name
, desc_cook_out
);
720 log_warn(LD_BUG
, "Could not write client entry.");
723 if (client
->client_key
) {
724 char *client_key_out
= NULL
;
725 crypto_pk_write_private_key_to_string(client
->client_key
,
726 &client_key_out
, &len
);
727 if (rend_get_service_id(client
->client_key
, service_id
)<0) {
728 log_warn(LD_BUG
, "Internal error: couldn't encode service ID.");
729 tor_free(client_key_out
);
732 written
= tor_snprintf(buf
+ written
, sizeof(buf
) - written
,
733 "client-key\n%s", client_key_out
);
734 tor_free(client_key_out
);
736 log_warn(LD_BUG
, "Could not write client entry.");
741 if (fputs(buf
, cfile
) < 0) {
742 log_warn(LD_FS
, "Could not append client entry to file: %s",
747 /* Add line to hostname file. */
748 if (s
->auth_type
== REND_BASIC_AUTH
) {
749 /* Remove == signs (newline has been removed above). */
750 desc_cook_out
[strlen(desc_cook_out
)-2] = '\0';
751 tor_snprintf(buf
, sizeof(buf
),"%s.onion %s # client: %s\n",
752 s
->service_id
, desc_cook_out
, client
->client_name
);
754 char extended_desc_cookie
[REND_DESC_COOKIE_LEN
+1];
755 memcpy(extended_desc_cookie
, client
->descriptor_cookie
,
756 REND_DESC_COOKIE_LEN
);
757 extended_desc_cookie
[REND_DESC_COOKIE_LEN
] =
758 ((int)s
->auth_type
- 1) << 4;
759 if (base64_encode(desc_cook_out
, 3*REND_DESC_COOKIE_LEN_BASE64
+1,
760 extended_desc_cookie
,
761 REND_DESC_COOKIE_LEN
+1) < 0) {
762 log_warn(LD_BUG
, "Could not base64-encode descriptor cookie.");
765 desc_cook_out
[strlen(desc_cook_out
)-3] = '\0'; /* Remove A= and
767 tor_snprintf(buf
, sizeof(buf
),"%s.onion %s # client: %s\n",
768 service_id
, desc_cook_out
, client
->client_name
);
771 if (fputs(buf
, hfile
)<0) {
772 log_warn(LD_FS
, "Could not append host entry to file: %s",
777 SMARTLIST_FOREACH_END(client
);
783 tor_free(client_keys_str
);
784 strmap_free(parsed_clients
, rend_authorized_client_strmap_item_free
);
787 abort_writing_to_file(open_cfile
);
789 abort_writing_to_file(open_hfile
);
792 finish_writing_to_file(open_cfile
);
793 finish_writing_to_file(open_hfile
);
796 } SMARTLIST_FOREACH_END(s
);
800 /** Return the service whose public key has a digest of <b>digest</b> and
801 * which publishes the given descriptor <b>version</b>. Return NULL if no
802 * such service exists.
804 static rend_service_t
*
805 rend_service_get_by_pk_digest_and_version(const char* digest
,
808 SMARTLIST_FOREACH(rend_service_list
, rend_service_t
*, s
,
809 if (!memcmp(s
->pk_digest
,digest
,DIGEST_LEN
) &&
810 s
->descriptor_version
== version
) return s
);
814 /** Return 1 if any virtual port in <b>service</b> wants a circuit
815 * to have good uptime. Else return 0.
818 rend_service_requires_uptime(rend_service_t
*service
)
821 rend_service_port_config_t
*p
;
823 for (i
=0; i
< smartlist_len(service
->ports
); ++i
) {
824 p
= smartlist_get(service
->ports
, i
);
825 if (smartlist_string_num_isin(get_options()->LongLivedPorts
,
832 /** Check client authorization of a given <b>descriptor_cookie</b> for
833 * <b>service</b>. Return 1 for success and 0 for failure. */
835 rend_check_authorization(rend_service_t
*service
,
836 const char *descriptor_cookie
)
838 rend_authorized_client_t
*auth_client
= NULL
;
840 tor_assert(descriptor_cookie
);
841 if (!service
->clients
) {
842 log_warn(LD_BUG
, "Can't check authorization for a service that has no "
843 "authorized clients configured.");
847 /* Look up client authorization by descriptor cookie. */
848 SMARTLIST_FOREACH(service
->clients
, rend_authorized_client_t
*, client
, {
849 if (!memcmp(client
->descriptor_cookie
, descriptor_cookie
,
850 REND_DESC_COOKIE_LEN
)) {
851 auth_client
= client
;
856 char descriptor_cookie_base64
[3*REND_DESC_COOKIE_LEN_BASE64
];
857 base64_encode(descriptor_cookie_base64
, sizeof(descriptor_cookie_base64
),
858 descriptor_cookie
, REND_DESC_COOKIE_LEN
);
859 log_info(LD_REND
, "No authorization found for descriptor cookie '%s'! "
861 descriptor_cookie_base64
);
865 /* Allow the request. */
866 log_debug(LD_REND
, "Client %s authorized for service %s.",
867 auth_client
->client_name
, service
->service_id
);
871 /** Remove elements from <b>service</b>'s replay cache that are old enough to
872 * be noticed by timestamp checking. */
874 clean_accepted_intros(rend_service_t
*service
, time_t now
)
876 const time_t cutoff
= now
- REND_REPLAY_TIME_INTERVAL
;
878 service
->last_cleaned_accepted_intros
= now
;
879 if (!service
->accepted_intros
)
882 DIGESTMAP_FOREACH_MODIFY(service
->accepted_intros
, digest
, time_t *, t
) {
885 MAP_DEL_CURRENT(digest
);
887 } DIGESTMAP_FOREACH_END
;
894 /** Respond to an INTRODUCE2 cell by launching a circuit to the chosen
898 rend_service_introduce(origin_circuit_t
*circuit
, const uint8_t *request
,
901 char *ptr
, *r_cookie
;
902 extend_info_t
*extend_info
= NULL
;
903 char buf
[RELAY_PAYLOAD_SIZE
];
904 char keys
[DIGEST_LEN
+CPATH_KEY_MATERIAL_LEN
]; /* Holds KH, Df, Db, Kf, Kb */
905 rend_service_t
*service
;
906 int r
, i
, v3_shift
= 0;
908 crypto_dh_env_t
*dh
= NULL
;
909 origin_circuit_t
*launched
= NULL
;
910 crypt_path_t
*cpath
= NULL
;
911 char serviceid
[REND_SERVICE_ID_LEN_BASE32
+1];
913 int circ_needs_uptime
;
914 int reason
= END_CIRC_REASON_TORPROTOCOL
;
915 crypto_pk_env_t
*intro_key
;
916 char intro_key_digest
[DIGEST_LEN
];
919 char auth_data
[REND_DESC_COOKIE_LEN
];
920 crypto_digest_env_t
*digest
= NULL
;
921 time_t now
= time(NULL
);
922 char diffie_hellman_hash
[DIGEST_LEN
];
924 tor_assert(circuit
->rend_data
);
926 base32_encode(serviceid
, REND_SERVICE_ID_LEN_BASE32
+1,
927 circuit
->rend_data
->rend_pk_digest
, REND_SERVICE_ID_LEN
);
928 log_info(LD_REND
, "Received INTRODUCE2 cell for service %s on circ %d.",
929 escaped(serviceid
), circuit
->_base
.n_circ_id
);
931 if (circuit
->_base
.purpose
!= CIRCUIT_PURPOSE_S_INTRO
) {
932 log_warn(LD_PROTOCOL
,
933 "Got an INTRODUCE2 over a non-introduction circuit %d.",
934 circuit
->_base
.n_circ_id
);
938 /* min key length plus digest length plus nickname length */
939 if (request_len
< DIGEST_LEN
+REND_COOKIE_LEN
+(MAX_NICKNAME_LEN
+1)+
941 log_warn(LD_PROTOCOL
, "Got a truncated INTRODUCE2 cell on circ %d.",
942 circuit
->_base
.n_circ_id
);
946 /* look up service depending on circuit. */
947 service
= rend_service_get_by_pk_digest_and_version(
948 circuit
->rend_data
->rend_pk_digest
,
949 circuit
->rend_data
->rend_desc_version
);
951 log_warn(LD_REND
, "Got an INTRODUCE2 cell for an unrecognized service %s.",
956 /* if descriptor version is 2, use intro key instead of service key. */
957 if (circuit
->rend_data
->rend_desc_version
== 0) {
958 intro_key
= service
->private_key
;
960 intro_key
= circuit
->intro_key
;
963 /* first DIGEST_LEN bytes of request is intro or service pk digest */
964 crypto_pk_get_digest(intro_key
, intro_key_digest
);
965 if (memcmp(intro_key_digest
, request
, DIGEST_LEN
)) {
966 base32_encode(serviceid
, REND_SERVICE_ID_LEN_BASE32
+1,
967 (char*)request
, REND_SERVICE_ID_LEN
);
968 log_warn(LD_REND
, "Got an INTRODUCE2 cell for the wrong service (%s).",
973 keylen
= crypto_pk_keysize(intro_key
);
974 if (request_len
< keylen
+DIGEST_LEN
) {
975 log_warn(LD_PROTOCOL
,
976 "PK-encrypted portion of INTRODUCE2 cell was truncated.");
979 /* Next N bytes is encrypted with service key */
980 note_crypto_pk_op(REND_SERVER
);
981 r
= crypto_pk_private_hybrid_decrypt(
982 intro_key
,buf
,sizeof(buf
),
983 (char*)(request
+DIGEST_LEN
),request_len
-DIGEST_LEN
,
984 PK_PKCS1_OAEP_PADDING
,1);
986 log_warn(LD_PROTOCOL
, "Couldn't decrypt INTRODUCE2 cell.");
991 /* Version 3 INTRODUCE2 cell. */
992 time_t ts
= 0, now
= time(NULL
);
996 case REND_BASIC_AUTH
:
998 case REND_STEALTH_AUTH
:
999 auth_len
= ntohs(get_uint16(buf
+2));
1000 if (auth_len
!= REND_DESC_COOKIE_LEN
) {
1001 log_info(LD_REND
, "Wrong auth data size %d, should be %d.",
1002 (int)auth_len
, REND_DESC_COOKIE_LEN
);
1005 memcpy(auth_data
, buf
+4, sizeof(auth_data
));
1006 v3_shift
+= 2+REND_DESC_COOKIE_LEN
;
1011 log_info(LD_REND
, "Unknown authorization type '%d'", auth_type
);
1014 /* Check timestamp. */
1015 ts
= ntohl(get_uint32(buf
+1+v3_shift
));
1017 if ((now
- ts
) < -1 * REND_REPLAY_TIME_INTERVAL
/ 2 ||
1018 (now
- ts
) > REND_REPLAY_TIME_INTERVAL
/ 2) {
1019 log_warn(LD_REND
, "INTRODUCE2 cell is too %s. Discarding.",
1020 (now
- ts
) < 0 ? "old" : "new");
1024 if (*buf
== 2 || *buf
== 3) {
1025 /* Version 2 INTRODUCE2 cell. */
1027 extend_info
= tor_malloc_zero(sizeof(extend_info_t
));
1028 tor_addr_from_ipv4n(&extend_info
->addr
, get_uint32(buf
+v3_shift
+1));
1029 extend_info
->port
= ntohs(get_uint16(buf
+v3_shift
+5));
1030 memcpy(extend_info
->identity_digest
, buf
+v3_shift
+7,
1032 extend_info
->nickname
[0] = '$';
1033 base16_encode(extend_info
->nickname
+1, sizeof(extend_info
->nickname
)-1,
1034 extend_info
->identity_digest
, DIGEST_LEN
);
1036 klen
= ntohs(get_uint16(buf
+v3_shift
+7+DIGEST_LEN
));
1037 if ((int)len
!= v3_shift
+7+DIGEST_LEN
+2+klen
+20+128) {
1038 log_warn(LD_PROTOCOL
, "Bad length %u for version %d INTRODUCE2 cell.",
1040 reason
= END_CIRC_REASON_TORPROTOCOL
;
1043 extend_info
->onion_key
=
1044 crypto_pk_asn1_decode(buf
+v3_shift
+7+DIGEST_LEN
+2, klen
);
1045 if (!extend_info
->onion_key
) {
1046 log_warn(LD_PROTOCOL
, "Error decoding onion key in version %d "
1047 "INTRODUCE2 cell.", *buf
);
1048 reason
= END_CIRC_REASON_TORPROTOCOL
;
1051 ptr
= buf
+v3_shift
+7+DIGEST_LEN
+2+klen
;
1052 len
-= v3_shift
+7+DIGEST_LEN
+2+klen
;
1055 size_t nickname_field_len
;
1056 routerinfo_t
*router
;
1059 rp_nickname
= buf
+1;
1060 nickname_field_len
= MAX_HEX_NICKNAME_LEN
+1;
1063 nickname_field_len
= MAX_NICKNAME_LEN
+1;
1067 ptr
=memchr(rp_nickname
,0,nickname_field_len
);
1068 if (!ptr
|| ptr
== rp_nickname
) {
1069 log_warn(LD_PROTOCOL
,
1070 "Couldn't find a nul-padded nickname in INTRODUCE2 cell.");
1073 if ((version
== 0 && !is_legal_nickname(rp_nickname
)) ||
1074 (version
== 1 && !is_legal_nickname_or_hexdigest(rp_nickname
))) {
1075 log_warn(LD_PROTOCOL
, "Bad nickname in INTRODUCE2 cell.");
1078 /* Okay, now we know that a nickname is at the start of the buffer. */
1079 ptr
= rp_nickname
+nickname_field_len
;
1080 len
-= nickname_field_len
;
1081 len
-= rp_nickname
- buf
; /* also remove header space used by version, if
1083 router
= router_get_by_nickname(rp_nickname
, 0);
1085 log_info(LD_REND
, "Couldn't find router %s named in introduce2 cell.",
1086 escaped_safe_str(rp_nickname
));
1087 /* XXXX Add a no-such-router reason? */
1088 reason
= END_CIRC_REASON_TORPROTOCOL
;
1092 extend_info
= extend_info_from_router(router
);
1095 if (len
!= REND_COOKIE_LEN
+DH_KEY_LEN
) {
1096 log_warn(LD_PROTOCOL
, "Bad length %u for INTRODUCE2 cell.", (int)len
);
1097 reason
= END_CIRC_REASON_TORPROTOCOL
;
1102 base16_encode(hexcookie
,9,r_cookie
,4);
1104 /* Determine hash of Diffie-Hellman, part 1 to detect replays. */
1105 digest
= crypto_new_digest_env();
1106 crypto_digest_add_bytes(digest
, ptr
+REND_COOKIE_LEN
, DH_KEY_LEN
);
1107 crypto_digest_get_digest(digest
, diffie_hellman_hash
, DIGEST_LEN
);
1108 crypto_free_digest_env(digest
);
1110 /* Check whether there is a past request with the same Diffie-Hellman,
1112 if (!service
->accepted_intros
)
1113 service
->accepted_intros
= digestmap_new();
1115 access_time
= digestmap_get(service
->accepted_intros
, diffie_hellman_hash
);
1116 if (access_time
!= NULL
) {
1117 log_warn(LD_REND
, "Possible replay detected! We received an "
1118 "INTRODUCE2 cell with same first part of "
1119 "Diffie-Hellman handshake %d seconds ago. Dropping "
1121 (int) (now
- *access_time
));
1125 /* Add request to access history, including time and hash of Diffie-Hellman,
1126 * part 1, and possibly remove requests from the history that are older than
1128 access_time
= tor_malloc(sizeof(time_t));
1130 digestmap_set(service
->accepted_intros
, diffie_hellman_hash
, access_time
);
1131 if (service
->last_cleaned_accepted_intros
+ REND_REPLAY_TIME_INTERVAL
< now
)
1132 clean_accepted_intros(service
, now
);
1134 /* If the service performs client authorization, check included auth data. */
1135 if (service
->clients
) {
1137 if (rend_check_authorization(service
, auth_data
)) {
1138 log_info(LD_REND
, "Authorization data in INTRODUCE2 cell are valid.");
1140 log_info(LD_REND
, "The authorization data that are contained in "
1141 "the INTRODUCE2 cell are invalid. Dropping cell.");
1142 reason
= END_CIRC_REASON_CONNECTFAILED
;
1146 log_info(LD_REND
, "INTRODUCE2 cell does not contain authentication "
1147 "data, but we require client authorization. Dropping cell.");
1148 reason
= END_CIRC_REASON_CONNECTFAILED
;
1153 /* Try DH handshake... */
1154 dh
= crypto_dh_new();
1155 if (!dh
|| crypto_dh_generate_public(dh
)<0) {
1156 log_warn(LD_BUG
,"Internal error: couldn't build DH state "
1157 "or generate public key.");
1158 reason
= END_CIRC_REASON_INTERNAL
;
1161 if (crypto_dh_compute_secret(dh
, ptr
+REND_COOKIE_LEN
, DH_KEY_LEN
, keys
,
1162 DIGEST_LEN
+CPATH_KEY_MATERIAL_LEN
)<0) {
1163 log_warn(LD_BUG
, "Internal error: couldn't complete DH handshake");
1164 reason
= END_CIRC_REASON_INTERNAL
;
1168 circ_needs_uptime
= rend_service_requires_uptime(service
);
1170 /* help predict this next time */
1171 rep_hist_note_used_internal(time(NULL
), circ_needs_uptime
, 1);
1173 /* Launch a circuit to alice's chosen rendezvous point.
1175 for (i
=0;i
<MAX_REND_FAILURES
;i
++) {
1176 int flags
= CIRCLAUNCH_NEED_CAPACITY
| CIRCLAUNCH_IS_INTERNAL
;
1177 if (circ_needs_uptime
) flags
|= CIRCLAUNCH_NEED_UPTIME
;
1178 launched
= circuit_launch_by_extend_info(
1179 CIRCUIT_PURPOSE_S_CONNECT_REND
, extend_info
, flags
);
1184 if (!launched
) { /* give up */
1185 log_warn(LD_REND
, "Giving up launching first hop of circuit to rendezvous "
1186 "point %s for service %s.",
1187 escaped_safe_str(extend_info
->nickname
), serviceid
);
1188 reason
= END_CIRC_REASON_CONNECTFAILED
;
1192 "Accepted intro; launching circuit to %s "
1193 "(cookie %s) for service %s.",
1194 escaped_safe_str(extend_info
->nickname
), hexcookie
, serviceid
);
1195 tor_assert(launched
->build_state
);
1196 /* Fill in the circuit's state. */
1197 launched
->rend_data
= tor_malloc_zero(sizeof(rend_data_t
));
1198 memcpy(launched
->rend_data
->rend_pk_digest
,
1199 circuit
->rend_data
->rend_pk_digest
,
1201 memcpy(launched
->rend_data
->rend_cookie
, r_cookie
, REND_COOKIE_LEN
);
1202 strlcpy(launched
->rend_data
->onion_address
, service
->service_id
,
1203 sizeof(launched
->rend_data
->onion_address
));
1204 launched
->rend_data
->rend_desc_version
= service
->descriptor_version
;
1205 launched
->build_state
->pending_final_cpath
= cpath
=
1206 tor_malloc_zero(sizeof(crypt_path_t
));
1207 cpath
->magic
= CRYPT_PATH_MAGIC
;
1208 launched
->build_state
->expiry_time
= time(NULL
) + MAX_REND_TIMEOUT
;
1210 cpath
->dh_handshake_state
= dh
;
1212 if (circuit_init_cpath_crypto(cpath
,keys
+DIGEST_LEN
,1)<0)
1214 memcpy(cpath
->handshake_digest
, keys
, DIGEST_LEN
);
1215 if (extend_info
) extend_info_free(extend_info
);
1217 memset(keys
, 0, sizeof(keys
));
1220 memset(keys
, 0, sizeof(keys
));
1221 if (dh
) crypto_dh_free(dh
);
1223 circuit_mark_for_close(TO_CIRCUIT(launched
), reason
);
1224 if (extend_info
) extend_info_free(extend_info
);
1228 /** Called when we fail building a rendezvous circuit at some point other
1229 * than the last hop: launches a new circuit to the same rendezvous point.
1232 rend_service_relaunch_rendezvous(origin_circuit_t
*oldcirc
)
1234 origin_circuit_t
*newcirc
;
1235 cpath_build_state_t
*newstate
, *oldstate
;
1237 tor_assert(oldcirc
->_base
.purpose
== CIRCUIT_PURPOSE_S_CONNECT_REND
);
1239 if (!oldcirc
->build_state
||
1240 oldcirc
->build_state
->failure_count
> MAX_REND_FAILURES
||
1241 oldcirc
->build_state
->expiry_time
< time(NULL
)) {
1243 "Attempt to build circuit to %s for rendezvous has failed "
1244 "too many times or expired; giving up.",
1245 oldcirc
->build_state
?
1246 oldcirc
->build_state
->chosen_exit
->nickname
: "*unknown*");
1250 oldstate
= oldcirc
->build_state
;
1251 tor_assert(oldstate
);
1253 if (oldstate
->pending_final_cpath
== NULL
) {
1254 log_info(LD_REND
,"Skipping relaunch of circ that failed on its first hop. "
1255 "Initiator will retry.");
1259 log_info(LD_REND
,"Reattempting rendezvous circuit to '%s'",
1260 oldstate
->chosen_exit
->nickname
);
1262 newcirc
= circuit_launch_by_extend_info(CIRCUIT_PURPOSE_S_CONNECT_REND
,
1263 oldstate
->chosen_exit
,
1264 CIRCLAUNCH_NEED_CAPACITY
|CIRCLAUNCH_IS_INTERNAL
);
1267 log_warn(LD_REND
,"Couldn't relaunch rendezvous circuit to '%s'.",
1268 oldstate
->chosen_exit
->nickname
);
1271 newstate
= newcirc
->build_state
;
1272 tor_assert(newstate
);
1273 newstate
->failure_count
= oldstate
->failure_count
+1;
1274 newstate
->expiry_time
= oldstate
->expiry_time
;
1275 newstate
->pending_final_cpath
= oldstate
->pending_final_cpath
;
1276 oldstate
->pending_final_cpath
= NULL
;
1278 newcirc
->rend_data
= rend_data_dup(oldcirc
->rend_data
);
1281 /** Launch a circuit to serve as an introduction point for the service
1282 * <b>service</b> at the introduction point <b>nickname</b>
1285 rend_service_launch_establish_intro(rend_service_t
*service
,
1286 rend_intro_point_t
*intro
)
1288 origin_circuit_t
*launched
;
1291 "Launching circuit to introduction point %s for service %s",
1292 escaped_safe_str(intro
->extend_info
->nickname
),
1293 service
->service_id
);
1295 rep_hist_note_used_internal(time(NULL
), 1, 0);
1297 ++service
->n_intro_circuits_launched
;
1298 launched
= circuit_launch_by_extend_info(CIRCUIT_PURPOSE_S_ESTABLISH_INTRO
,
1300 CIRCLAUNCH_NEED_UPTIME
|CIRCLAUNCH_IS_INTERNAL
);
1304 "Can't launch circuit to establish introduction at %s.",
1305 escaped_safe_str(intro
->extend_info
->nickname
));
1309 if (memcmp(intro
->extend_info
->identity_digest
,
1310 launched
->build_state
->chosen_exit
->identity_digest
, DIGEST_LEN
)) {
1311 char cann
[HEX_DIGEST_LEN
+1], orig
[HEX_DIGEST_LEN
+1];
1312 base16_encode(cann
, sizeof(cann
),
1313 launched
->build_state
->chosen_exit
->identity_digest
,
1315 base16_encode(orig
, sizeof(orig
),
1316 intro
->extend_info
->identity_digest
, DIGEST_LEN
);
1317 log_info(LD_REND
, "The intro circuit we just cannibalized ends at $%s, "
1318 "but we requested an intro circuit to $%s. Updating "
1319 "our service.", cann
, orig
);
1320 extend_info_free(intro
->extend_info
);
1321 intro
->extend_info
= extend_info_dup(launched
->build_state
->chosen_exit
);
1324 launched
->rend_data
= tor_malloc_zero(sizeof(rend_data_t
));
1325 strlcpy(launched
->rend_data
->onion_address
, service
->service_id
,
1326 sizeof(launched
->rend_data
->onion_address
));
1327 memcpy(launched
->rend_data
->rend_pk_digest
, service
->pk_digest
, DIGEST_LEN
);
1328 launched
->rend_data
->rend_desc_version
= service
->descriptor_version
;
1329 if (service
->descriptor_version
== 2)
1330 launched
->intro_key
= crypto_pk_dup_key(intro
->intro_key
);
1331 if (launched
->_base
.state
== CIRCUIT_STATE_OPEN
)
1332 rend_service_intro_has_opened(launched
);
1336 /** Return the number of introduction points that are or have been
1337 * established for the given service address and rendezvous version. */
1339 count_established_intro_points(const char *query
, int rend_version
)
1343 for (circ
= _circuit_get_global_list(); circ
; circ
= circ
->next
) {
1344 if (!circ
->marked_for_close
&&
1345 circ
->state
== CIRCUIT_STATE_OPEN
&&
1346 (circ
->purpose
== CIRCUIT_PURPOSE_S_ESTABLISH_INTRO
||
1347 circ
->purpose
== CIRCUIT_PURPOSE_S_INTRO
)) {
1348 origin_circuit_t
*oc
= TO_ORIGIN_CIRCUIT(circ
);
1349 if (oc
->rend_data
&&
1350 oc
->rend_data
->rend_desc_version
== rend_version
&&
1351 !rend_cmp_service_ids(query
, oc
->rend_data
->onion_address
))
1358 /** Called when we're done building a circuit to an introduction point:
1359 * sends a RELAY_ESTABLISH_INTRO cell.
1362 rend_service_intro_has_opened(origin_circuit_t
*circuit
)
1364 rend_service_t
*service
;
1367 char buf
[RELAY_PAYLOAD_SIZE
];
1368 char auth
[DIGEST_LEN
+ 9];
1369 char serviceid
[REND_SERVICE_ID_LEN_BASE32
+1];
1370 int reason
= END_CIRC_REASON_TORPROTOCOL
;
1371 crypto_pk_env_t
*intro_key
;
1373 tor_assert(circuit
->_base
.purpose
== CIRCUIT_PURPOSE_S_ESTABLISH_INTRO
);
1374 tor_assert(circuit
->cpath
);
1375 tor_assert(circuit
->rend_data
);
1377 base32_encode(serviceid
, REND_SERVICE_ID_LEN_BASE32
+1,
1378 circuit
->rend_data
->rend_pk_digest
, REND_SERVICE_ID_LEN
);
1380 service
= rend_service_get_by_pk_digest_and_version(
1381 circuit
->rend_data
->rend_pk_digest
,
1382 circuit
->rend_data
->rend_desc_version
);
1384 log_warn(LD_REND
, "Unrecognized service ID %s on introduction circuit %d.",
1385 serviceid
, circuit
->_base
.n_circ_id
);
1386 reason
= END_CIRC_REASON_NOSUCHSERVICE
;
1390 /* If we already have enough introduction circuits for this service,
1391 * redefine this one as a general circuit. */
1392 if (count_established_intro_points(serviceid
,
1393 circuit
->rend_data
->rend_desc_version
) > NUM_INTRO_POINTS
) {
1394 log_info(LD_CIRC
|LD_REND
, "We have just finished an introduction "
1395 "circuit, but we already have enough. Redefining purpose to "
1397 TO_CIRCUIT(circuit
)->purpose
= CIRCUIT_PURPOSE_C_GENERAL
;
1398 circuit_has_opened(circuit
);
1403 "Established circuit %d as introduction point for service %s",
1404 circuit
->_base
.n_circ_id
, serviceid
);
1406 /* If the introduction point will not be used in an unversioned
1407 * descriptor, use the intro key instead of the service key in
1408 * ESTABLISH_INTRO. */
1409 if (service
->descriptor_version
== 0)
1410 intro_key
= service
->private_key
;
1412 intro_key
= circuit
->intro_key
;
1413 /* Build the payload for a RELAY_ESTABLISH_INTRO cell. */
1414 r
= crypto_pk_asn1_encode(intro_key
, buf
+2,
1415 RELAY_PAYLOAD_SIZE
-2);
1417 log_warn(LD_BUG
, "Internal error; failed to establish intro point.");
1418 reason
= END_CIRC_REASON_INTERNAL
;
1422 set_uint16(buf
, htons((uint16_t)len
));
1424 memcpy(auth
, circuit
->cpath
->prev
->handshake_digest
, DIGEST_LEN
);
1425 memcpy(auth
+DIGEST_LEN
, "INTRODUCE", 9);
1426 if (crypto_digest(buf
+len
, auth
, DIGEST_LEN
+9))
1429 note_crypto_pk_op(REND_SERVER
);
1430 r
= crypto_pk_private_sign_digest(intro_key
, buf
+len
, sizeof(buf
)-len
,
1433 log_warn(LD_BUG
, "Internal error: couldn't sign introduction request.");
1434 reason
= END_CIRC_REASON_INTERNAL
;
1439 if (relay_send_command_from_edge(0, TO_CIRCUIT(circuit
),
1440 RELAY_COMMAND_ESTABLISH_INTRO
,
1441 buf
, len
, circuit
->cpath
->prev
)<0) {
1442 log_info(LD_GENERAL
,
1443 "Couldn't send introduction request for service %s on circuit %d",
1444 serviceid
, circuit
->_base
.n_circ_id
);
1445 reason
= END_CIRC_REASON_INTERNAL
;
1451 circuit_mark_for_close(TO_CIRCUIT(circuit
), reason
);
1454 /** Called when we get an INTRO_ESTABLISHED cell; mark the circuit as a
1455 * live introduction point, and note that the service descriptor is
1456 * now out-of-date.*/
1458 rend_service_intro_established(origin_circuit_t
*circuit
,
1459 const uint8_t *request
,
1462 rend_service_t
*service
;
1463 char serviceid
[REND_SERVICE_ID_LEN_BASE32
+1];
1467 if (circuit
->_base
.purpose
!= CIRCUIT_PURPOSE_S_ESTABLISH_INTRO
) {
1468 log_warn(LD_PROTOCOL
,
1469 "received INTRO_ESTABLISHED cell on non-intro circuit.");
1472 tor_assert(circuit
->rend_data
);
1473 service
= rend_service_get_by_pk_digest_and_version(
1474 circuit
->rend_data
->rend_pk_digest
,
1475 circuit
->rend_data
->rend_desc_version
);
1477 log_warn(LD_REND
, "Unknown service on introduction circuit %d.",
1478 circuit
->_base
.n_circ_id
);
1481 service
->desc_is_dirty
= time(NULL
);
1482 circuit
->_base
.purpose
= CIRCUIT_PURPOSE_S_INTRO
;
1484 base32_encode(serviceid
, REND_SERVICE_ID_LEN_BASE32
+ 1,
1485 circuit
->rend_data
->rend_pk_digest
, REND_SERVICE_ID_LEN
);
1487 "Received INTRO_ESTABLISHED cell on circuit %d for service %s",
1488 circuit
->_base
.n_circ_id
, serviceid
);
1492 circuit_mark_for_close(TO_CIRCUIT(circuit
), END_CIRC_REASON_TORPROTOCOL
);
1496 /** Called once a circuit to a rendezvous point is established: sends a
1497 * RELAY_COMMAND_RENDEZVOUS1 cell.
1500 rend_service_rendezvous_has_opened(origin_circuit_t
*circuit
)
1502 rend_service_t
*service
;
1503 char buf
[RELAY_PAYLOAD_SIZE
];
1505 char serviceid
[REND_SERVICE_ID_LEN_BASE32
+1];
1509 tor_assert(circuit
->_base
.purpose
== CIRCUIT_PURPOSE_S_CONNECT_REND
);
1510 tor_assert(circuit
->cpath
);
1511 tor_assert(circuit
->build_state
);
1512 tor_assert(circuit
->rend_data
);
1513 hop
= circuit
->build_state
->pending_final_cpath
;
1516 base16_encode(hexcookie
,9,circuit
->rend_data
->rend_cookie
,4);
1517 base32_encode(serviceid
, REND_SERVICE_ID_LEN_BASE32
+1,
1518 circuit
->rend_data
->rend_pk_digest
, REND_SERVICE_ID_LEN
);
1521 "Done building circuit %d to rendezvous with "
1522 "cookie %s for service %s",
1523 circuit
->_base
.n_circ_id
, hexcookie
, serviceid
);
1525 service
= rend_service_get_by_pk_digest_and_version(
1526 circuit
->rend_data
->rend_pk_digest
,
1527 circuit
->rend_data
->rend_desc_version
);
1529 log_warn(LD_GENERAL
, "Internal error: unrecognized service ID on "
1530 "introduction circuit.");
1531 reason
= END_CIRC_REASON_INTERNAL
;
1535 /* All we need to do is send a RELAY_RENDEZVOUS1 cell... */
1536 memcpy(buf
, circuit
->rend_data
->rend_cookie
, REND_COOKIE_LEN
);
1537 if (crypto_dh_get_public(hop
->dh_handshake_state
,
1538 buf
+REND_COOKIE_LEN
, DH_KEY_LEN
)<0) {
1539 log_warn(LD_GENERAL
,"Couldn't get DH public key.");
1540 reason
= END_CIRC_REASON_INTERNAL
;
1543 memcpy(buf
+REND_COOKIE_LEN
+DH_KEY_LEN
, hop
->handshake_digest
,
1547 if (relay_send_command_from_edge(0, TO_CIRCUIT(circuit
),
1548 RELAY_COMMAND_RENDEZVOUS1
,
1549 buf
, REND_COOKIE_LEN
+DH_KEY_LEN
+DIGEST_LEN
,
1550 circuit
->cpath
->prev
)<0) {
1551 log_warn(LD_GENERAL
, "Couldn't send RENDEZVOUS1 cell.");
1552 reason
= END_CIRC_REASON_INTERNAL
;
1556 crypto_dh_free(hop
->dh_handshake_state
);
1557 hop
->dh_handshake_state
= NULL
;
1559 /* Append the cpath entry. */
1560 hop
->state
= CPATH_STATE_OPEN
;
1561 /* set the windows to default. these are the windows
1562 * that bob thinks alice has.
1564 hop
->package_window
= circuit_initial_package_window();
1565 hop
->deliver_window
= CIRCWINDOW_START
;
1567 onion_append_to_cpath(&circuit
->cpath
, hop
);
1568 circuit
->build_state
->pending_final_cpath
= NULL
; /* prevent double-free */
1570 /* Change the circuit purpose. */
1571 circuit
->_base
.purpose
= CIRCUIT_PURPOSE_S_REND_JOINED
;
1575 circuit_mark_for_close(TO_CIRCUIT(circuit
), reason
);
1579 * Manage introduction points
1582 /** Return the (possibly non-open) introduction circuit ending at
1583 * <b>intro</b> for the service whose public key is <b>pk_digest</b> and
1584 * which publishes descriptor of version <b>desc_version</b>. Return
1585 * NULL if no such service is found.
1587 static origin_circuit_t
*
1588 find_intro_circuit(rend_intro_point_t
*intro
, const char *pk_digest
,
1591 origin_circuit_t
*circ
= NULL
;
1594 while ((circ
= circuit_get_next_by_pk_and_purpose(circ
,pk_digest
,
1595 CIRCUIT_PURPOSE_S_INTRO
))) {
1596 if (!memcmp(circ
->build_state
->chosen_exit
->identity_digest
,
1597 intro
->extend_info
->identity_digest
, DIGEST_LEN
) &&
1599 circ
->rend_data
->rend_desc_version
== desc_version
) {
1605 while ((circ
= circuit_get_next_by_pk_and_purpose(circ
,pk_digest
,
1606 CIRCUIT_PURPOSE_S_ESTABLISH_INTRO
))) {
1607 if (!memcmp(circ
->build_state
->chosen_exit
->identity_digest
,
1608 intro
->extend_info
->identity_digest
, DIGEST_LEN
) &&
1610 circ
->rend_data
->rend_desc_version
== desc_version
) {
1617 /** Determine the responsible hidden service directories for the
1618 * rend_encoded_v2_service_descriptor_t's in <b>descs</b> and upload them;
1619 * <b>service_id</b> and <b>seconds_valid</b> are only passed for logging
1622 directory_post_to_hs_dir(rend_service_descriptor_t
*renddesc
,
1623 smartlist_t
*descs
, const char *service_id
,
1626 int i
, j
, failed_upload
= 0;
1627 smartlist_t
*responsible_dirs
= smartlist_create();
1628 smartlist_t
*successful_uploads
= smartlist_create();
1629 routerstatus_t
*hs_dir
;
1630 for (i
= 0; i
< smartlist_len(descs
); i
++) {
1631 rend_encoded_v2_service_descriptor_t
*desc
= smartlist_get(descs
, i
);
1632 /* Determine responsible dirs. */
1633 if (hid_serv_get_responsible_directories(responsible_dirs
,
1634 desc
->desc_id
) < 0) {
1635 log_warn(LD_REND
, "Could not determine the responsible hidden service "
1636 "directories to post descriptors to.");
1637 smartlist_free(responsible_dirs
);
1638 smartlist_free(successful_uploads
);
1641 for (j
= 0; j
< smartlist_len(responsible_dirs
); j
++) {
1642 char desc_id_base32
[REND_DESC_ID_V2_LEN_BASE32
+ 1];
1643 hs_dir
= smartlist_get(responsible_dirs
, j
);
1644 if (smartlist_digest_isin(renddesc
->successful_uploads
,
1645 hs_dir
->identity_digest
))
1646 /* Don't upload descriptor if we succeeded in doing so last time. */
1648 if (!router_get_by_digest(hs_dir
->identity_digest
)) {
1649 log_info(LD_REND
, "Not sending publish request for v2 descriptor to "
1650 "hidden service directory '%s'; we don't have its "
1651 "router descriptor. Queuing for later upload.",
1656 /* Send publish request. */
1657 directory_initiate_command_routerstatus(hs_dir
,
1658 DIR_PURPOSE_UPLOAD_RENDDESC_V2
,
1659 ROUTER_PURPOSE_GENERAL
,
1660 1, NULL
, desc
->desc_str
,
1661 strlen(desc
->desc_str
), 0);
1662 base32_encode(desc_id_base32
, sizeof(desc_id_base32
),
1663 desc
->desc_id
, DIGEST_LEN
);
1664 log_info(LD_REND
, "Sending publish request for v2 descriptor for "
1665 "service '%s' with descriptor ID '%s' with validity "
1666 "of %d seconds to hidden service directory '%s' on "
1668 safe_str(service_id
),
1669 safe_str(desc_id_base32
),
1673 /* Remember successful upload to this router for next time. */
1674 if (!smartlist_digest_isin(successful_uploads
, hs_dir
->identity_digest
))
1675 smartlist_add(successful_uploads
, hs_dir
->identity_digest
);
1677 smartlist_clear(responsible_dirs
);
1679 if (!failed_upload
) {
1680 if (renddesc
->successful_uploads
) {
1681 SMARTLIST_FOREACH(renddesc
->successful_uploads
, char *, c
, tor_free(c
););
1682 smartlist_free(renddesc
->successful_uploads
);
1683 renddesc
->successful_uploads
= NULL
;
1685 renddesc
->all_uploads_performed
= 1;
1687 /* Remember which routers worked this time, so that we don't upload the
1688 * descriptor to them again. */
1689 if (!renddesc
->successful_uploads
)
1690 renddesc
->successful_uploads
= smartlist_create();
1691 SMARTLIST_FOREACH(successful_uploads
, const char *, c
, {
1692 if (!smartlist_digest_isin(renddesc
->successful_uploads
, c
)) {
1693 char *hsdir_id
= tor_memdup(c
, DIGEST_LEN
);
1694 smartlist_add(renddesc
->successful_uploads
, hsdir_id
);
1698 smartlist_free(responsible_dirs
);
1699 smartlist_free(successful_uploads
);
1702 /** Encode and sign up-to-date v0 and/or v2 service descriptors for
1703 * <b>service</b>, and upload it/them to all the dirservers/to the
1704 * responsible hidden service directories.
1707 upload_service_descriptor(rend_service_t
*service
)
1709 time_t now
= time(NULL
);
1711 char serviceid
[REND_SERVICE_ID_LEN_BASE32
+1];
1714 rendpostperiod
= get_options()->RendPostPeriod
;
1716 /* Upload unversioned (v0) descriptor? */
1717 if (service
->descriptor_version
== 0 &&
1718 get_options()->PublishHidServDescriptors
) {
1721 /* Encode the descriptor. */
1722 if (rend_encode_service_descriptor(service
->desc
,
1723 service
->private_key
,
1724 &desc
, &desc_len
)<0) {
1725 log_warn(LD_BUG
, "Internal error: couldn't encode service descriptor; "
1730 /* Post it to the dirservers */
1731 rend_get_service_id(service
->desc
->pk
, serviceid
);
1732 log_info(LD_REND
, "Sending publish request for hidden service %s",
1734 directory_post_to_dirservers(DIR_PURPOSE_UPLOAD_RENDDESC
,
1735 ROUTER_PURPOSE_GENERAL
,
1736 HIDSERV_AUTHORITY
, desc
, desc_len
, 0);
1738 service
->next_upload_time
= now
+ rendpostperiod
;
1742 /* Upload v2 descriptor? */
1743 if (service
->descriptor_version
== 2 &&
1744 get_options()->PublishHidServDescriptors
) {
1745 networkstatus_t
*c
= networkstatus_get_latest_consensus();
1746 if (c
&& smartlist_len(c
->routerstatus_list
) > 0) {
1747 int seconds_valid
, i
, j
, num_descs
;
1748 smartlist_t
*descs
= smartlist_create();
1749 smartlist_t
*client_cookies
= smartlist_create();
1750 /* Either upload a single descriptor (including replicas) or one
1751 * descriptor for each authorized client in case of authorization
1752 * type 'stealth'. */
1753 num_descs
= service
->auth_type
== REND_STEALTH_AUTH
?
1754 smartlist_len(service
->clients
) : 1;
1755 for (j
= 0; j
< num_descs
; j
++) {
1756 crypto_pk_env_t
*client_key
= NULL
;
1757 rend_authorized_client_t
*client
= NULL
;
1758 smartlist_clear(client_cookies
);
1759 switch (service
->auth_type
) {
1761 /* Do nothing here. */
1763 case REND_BASIC_AUTH
:
1764 SMARTLIST_FOREACH(service
->clients
, rend_authorized_client_t
*,
1765 cl
, smartlist_add(client_cookies
, cl
->descriptor_cookie
));
1767 case REND_STEALTH_AUTH
:
1768 client
= smartlist_get(service
->clients
, j
);
1769 client_key
= client
->client_key
;
1770 smartlist_add(client_cookies
, client
->descriptor_cookie
);
1773 /* Encode the current descriptor. */
1774 seconds_valid
= rend_encode_v2_descriptors(descs
, service
->desc
,
1779 if (seconds_valid
< 0) {
1780 log_warn(LD_BUG
, "Internal error: couldn't encode service "
1781 "descriptor; not uploading.");
1782 smartlist_free(descs
);
1783 smartlist_free(client_cookies
);
1786 /* Post the current descriptors to the hidden service directories. */
1787 rend_get_service_id(service
->desc
->pk
, serviceid
);
1788 log_info(LD_REND
, "Sending publish request for hidden service %s",
1790 directory_post_to_hs_dir(service
->desc
, descs
, serviceid
,
1792 /* Free memory for descriptors. */
1793 for (i
= 0; i
< smartlist_len(descs
); i
++)
1794 rend_encoded_v2_service_descriptor_free(smartlist_get(descs
, i
));
1795 smartlist_clear(descs
);
1796 /* Update next upload time. */
1797 if (seconds_valid
- REND_TIME_PERIOD_OVERLAPPING_V2_DESCS
1799 service
->next_upload_time
= now
+ rendpostperiod
;
1800 else if (seconds_valid
< REND_TIME_PERIOD_OVERLAPPING_V2_DESCS
)
1801 service
->next_upload_time
= now
+ seconds_valid
+ 1;
1803 service
->next_upload_time
= now
+ seconds_valid
-
1804 REND_TIME_PERIOD_OVERLAPPING_V2_DESCS
+ 1;
1805 /* Post also the next descriptors, if necessary. */
1806 if (seconds_valid
< REND_TIME_PERIOD_OVERLAPPING_V2_DESCS
) {
1807 seconds_valid
= rend_encode_v2_descriptors(descs
, service
->desc
,
1812 if (seconds_valid
< 0) {
1813 log_warn(LD_BUG
, "Internal error: couldn't encode service "
1814 "descriptor; not uploading.");
1815 smartlist_free(descs
);
1816 smartlist_free(client_cookies
);
1819 directory_post_to_hs_dir(service
->desc
, descs
, serviceid
,
1821 /* Free memory for descriptors. */
1822 for (i
= 0; i
< smartlist_len(descs
); i
++)
1823 rend_encoded_v2_service_descriptor_free(smartlist_get(descs
, i
));
1824 smartlist_clear(descs
);
1827 smartlist_free(descs
);
1828 smartlist_free(client_cookies
);
1830 log_info(LD_REND
, "Successfully uploaded v2 rend descriptors!");
1834 /* If not uploaded, try again in one minute. */
1836 service
->next_upload_time
= now
+ 60;
1838 /* Unmark dirty flag of this service. */
1839 service
->desc_is_dirty
= 0;
1842 /** For every service, check how many intro points it currently has, and:
1843 * - Pick new intro points as necessary.
1844 * - Launch circuits to any new intro points.
1847 rend_services_introduce(void)
1850 routerinfo_t
*router
;
1851 rend_service_t
*service
;
1852 rend_intro_point_t
*intro
;
1853 int changed
, prev_intro_nodes
;
1854 smartlist_t
*intro_routers
;
1856 or_options_t
*options
= get_options();
1858 intro_routers
= smartlist_create();
1861 for (i
=0; i
< smartlist_len(rend_service_list
); ++i
) {
1862 smartlist_clear(intro_routers
);
1863 service
= smartlist_get(rend_service_list
, i
);
1865 tor_assert(service
);
1867 if (now
> service
->intro_period_started
+INTRO_CIRC_RETRY_PERIOD
) {
1868 /* One period has elapsed; we can try building circuits again. */
1869 service
->intro_period_started
= now
;
1870 service
->n_intro_circuits_launched
= 0;
1871 } else if (service
->n_intro_circuits_launched
>=
1872 MAX_INTRO_CIRCS_PER_PERIOD
) {
1873 /* We have failed too many times in this period; wait for the next
1874 * one before we try again. */
1878 /* Find out which introduction points we have in progress for this
1880 for (j
=0; j
< smartlist_len(service
->intro_nodes
); ++j
) {
1881 intro
= smartlist_get(service
->intro_nodes
, j
);
1882 router
= router_get_by_digest(intro
->extend_info
->identity_digest
);
1883 if (!router
|| !find_intro_circuit(intro
, service
->pk_digest
,
1884 service
->descriptor_version
)) {
1885 log_info(LD_REND
,"Giving up on %s as intro point for %s.",
1886 intro
->extend_info
->nickname
, service
->service_id
);
1887 if (service
->desc
) {
1888 SMARTLIST_FOREACH(service
->desc
->intro_nodes
, rend_intro_point_t
*,
1890 if (!memcmp(dintro
->extend_info
->identity_digest
,
1891 intro
->extend_info
->identity_digest
, DIGEST_LEN
)) {
1892 log_info(LD_REND
, "The intro point we are giving up on was "
1893 "included in the last published descriptor. "
1894 "Marking current descriptor as dirty.");
1895 service
->desc_is_dirty
= now
;
1899 rend_intro_point_free(intro
);
1900 smartlist_del(service
->intro_nodes
,j
--);
1904 smartlist_add(intro_routers
, router
);
1907 /* We have enough intro points, and the intro points we thought we had were
1910 if (!changed
&& smartlist_len(service
->intro_nodes
) >= NUM_INTRO_POINTS
) {
1911 /* We have all our intro points! Start a fresh period and reset the
1913 service
->intro_period_started
= now
;
1914 service
->n_intro_circuits_launched
= 0;
1918 /* Remember how many introduction circuits we started with. */
1919 prev_intro_nodes
= smartlist_len(service
->intro_nodes
);
1920 /* We have enough directory information to start establishing our
1921 * intro points. We want to end up with three intro points, but if
1922 * we're just starting, we launch five and pick the first three that
1925 * The ones after the first three will be converted to 'general'
1926 * internal circuits in rend_service_intro_has_opened(), and then
1927 * we'll drop them from the list of intro points next time we
1928 * go through the above "find out which introduction points we have
1929 * in progress" loop. */
1930 #define NUM_INTRO_POINTS_INIT (NUM_INTRO_POINTS + 2)
1931 for (j
=prev_intro_nodes
; j
< (prev_intro_nodes
== 0 ?
1932 NUM_INTRO_POINTS_INIT
: NUM_INTRO_POINTS
); ++j
) {
1933 router_crn_flags_t flags
= CRN_NEED_UPTIME
;
1934 if (get_options()->_AllowInvalid
& ALLOW_INVALID_INTRODUCTION
)
1935 flags
|= CRN_ALLOW_INVALID
;
1936 router
= router_choose_random_node(NULL
, intro_routers
,
1937 options
->ExcludeNodes
, flags
);
1940 "Could only establish %d introduction points for %s.",
1941 smartlist_len(service
->intro_nodes
), service
->service_id
);
1945 smartlist_add(intro_routers
, router
);
1946 intro
= tor_malloc_zero(sizeof(rend_intro_point_t
));
1947 intro
->extend_info
= extend_info_from_router(router
);
1948 if (service
->descriptor_version
== 2) {
1949 intro
->intro_key
= crypto_new_pk_env();
1950 tor_assert(!crypto_pk_generate_key(intro
->intro_key
));
1952 smartlist_add(service
->intro_nodes
, intro
);
1953 log_info(LD_REND
, "Picked router %s as an intro point for %s.",
1954 router
->nickname
, service
->service_id
);
1957 /* If there's no need to launch new circuits, stop here. */
1961 /* Establish new introduction points. */
1962 for (j
=prev_intro_nodes
; j
< smartlist_len(service
->intro_nodes
); ++j
) {
1963 intro
= smartlist_get(service
->intro_nodes
, j
);
1964 r
= rend_service_launch_establish_intro(service
, intro
);
1966 log_warn(LD_REND
, "Error launching circuit to node %s for service %s.",
1967 intro
->extend_info
->nickname
, service
->service_id
);
1971 smartlist_free(intro_routers
);
1974 /** Regenerate and upload rendezvous service descriptors for all
1975 * services, if necessary. If the descriptor has been dirty enough
1976 * for long enough, definitely upload; else only upload when the
1977 * periodic timeout has expired.
1979 * For the first upload, pick a random time between now and two periods
1980 * from now, and pick it independently for each service.
1983 rend_consider_services_upload(time_t now
)
1986 rend_service_t
*service
;
1987 int rendpostperiod
= get_options()->RendPostPeriod
;
1989 if (!get_options()->PublishHidServDescriptors
)
1992 for (i
=0; i
< smartlist_len(rend_service_list
); ++i
) {
1993 service
= smartlist_get(rend_service_list
, i
);
1994 if (!service
->next_upload_time
) { /* never been uploaded yet */
1995 /* The fixed lower bound of 30 seconds ensures that the descriptor
1996 * is stable before being published. See comment below. */
1997 service
->next_upload_time
=
1998 now
+ 30 + crypto_rand_int(2*rendpostperiod
);
2000 if (service
->next_upload_time
< now
||
2001 (service
->desc_is_dirty
&&
2002 service
->desc_is_dirty
< now
-30)) {
2003 /* if it's time, or if the directory servers have a wrong service
2004 * descriptor and ours has been stable for 30 seconds, upload a
2005 * new one of each format. */
2006 rend_service_update_descriptor(service
);
2007 upload_service_descriptor(service
);
2012 /** True if the list of available router descriptors might have changed so
2013 * that we should have a look whether we can republish previously failed
2014 * rendezvous service descriptors. */
2015 static int consider_republishing_rend_descriptors
= 1;
2017 /** Called when our internal view of the directory has changed, so that we
2018 * might have router descriptors of hidden service directories available that
2019 * we did not have before. */
2021 rend_hsdir_routers_changed(void)
2023 consider_republishing_rend_descriptors
= 1;
2026 /** Consider republication of v2 rendezvous service descriptors that failed
2027 * previously, but without regenerating descriptor contents.
2030 rend_consider_descriptor_republication(void)
2033 rend_service_t
*service
;
2035 if (!consider_republishing_rend_descriptors
)
2037 consider_republishing_rend_descriptors
= 0;
2039 if (!get_options()->PublishHidServDescriptors
)
2042 for (i
=0; i
< smartlist_len(rend_service_list
); ++i
) {
2043 service
= smartlist_get(rend_service_list
, i
);
2044 if (service
->descriptor_version
&& service
->desc
&&
2045 !service
->desc
->all_uploads_performed
) {
2046 /* If we failed in uploading a descriptor last time, try again *without*
2047 * updating the descriptor's contents. */
2048 upload_service_descriptor(service
);
2053 /** Log the status of introduction points for all rendezvous services
2054 * at log severity <b>severity</b>.
2057 rend_service_dump_stats(int severity
)
2060 rend_service_t
*service
;
2061 rend_intro_point_t
*intro
;
2062 const char *safe_name
;
2063 origin_circuit_t
*circ
;
2065 for (i
=0; i
< smartlist_len(rend_service_list
); ++i
) {
2066 service
= smartlist_get(rend_service_list
, i
);
2067 log(severity
, LD_GENERAL
, "Service configured in \"%s\":",
2068 service
->directory
);
2069 for (j
=0; j
< smartlist_len(service
->intro_nodes
); ++j
) {
2070 intro
= smartlist_get(service
->intro_nodes
, j
);
2071 safe_name
= safe_str(intro
->extend_info
->nickname
);
2073 circ
= find_intro_circuit(intro
, service
->pk_digest
,
2074 service
->descriptor_version
);
2076 log(severity
, LD_GENERAL
, " Intro point %d at %s: no circuit",
2080 log(severity
, LD_GENERAL
, " Intro point %d at %s: circuit is %s",
2081 j
, safe_name
, circuit_state_to_string(circ
->_base
.state
));
2086 /** Given <b>conn</b>, a rendezvous exit stream, look up the hidden service for
2087 * 'circ', and look up the port and address based on conn-\>port.
2088 * Assign the actual conn-\>addr and conn-\>port. Return -1 if failure,
2092 rend_service_set_connection_addr_port(edge_connection_t
*conn
,
2093 origin_circuit_t
*circ
)
2095 rend_service_t
*service
;
2096 char serviceid
[REND_SERVICE_ID_LEN_BASE32
+1];
2097 smartlist_t
*matching_ports
;
2098 rend_service_port_config_t
*chosen_port
;
2100 tor_assert(circ
->_base
.purpose
== CIRCUIT_PURPOSE_S_REND_JOINED
);
2101 tor_assert(circ
->rend_data
);
2102 log_debug(LD_REND
,"beginning to hunt for addr/port");
2103 base32_encode(serviceid
, REND_SERVICE_ID_LEN_BASE32
+1,
2104 circ
->rend_data
->rend_pk_digest
, REND_SERVICE_ID_LEN
);
2105 service
= rend_service_get_by_pk_digest_and_version(
2106 circ
->rend_data
->rend_pk_digest
,
2107 circ
->rend_data
->rend_desc_version
);
2109 log_warn(LD_REND
, "Couldn't find any service associated with pk %s on "
2110 "rendezvous circuit %d; closing.",
2111 serviceid
, circ
->_base
.n_circ_id
);
2114 matching_ports
= smartlist_create();
2115 SMARTLIST_FOREACH(service
->ports
, rend_service_port_config_t
*, p
,
2117 if (conn
->_base
.port
== p
->virtual_port
) {
2118 smartlist_add(matching_ports
, p
);
2121 chosen_port
= smartlist_choose(matching_ports
);
2122 smartlist_free(matching_ports
);
2124 tor_addr_copy(&conn
->_base
.addr
, &chosen_port
->real_addr
);
2125 conn
->_base
.port
= chosen_port
->real_port
;
2128 log_info(LD_REND
, "No virtual port mapping exists for port %d on service %s",
2129 conn
->_base
.port
,serviceid
);